Ukrainian government agencies are facing heightened cyber threats from Russian-backed actors who use advanced tactics to infiltrate networks. These campaigns mark a strategic shift away from immediate destruction toward long-term, covert presence inside compromised systems, a new level of complexity in cyber warfare. Investigations found that the threat actors concentrated on credential harvesting, relying on legitimate tools and techniques that evade traditional security controls.
Two significant intrusions were reported; one was attributed to Sandworm, the GRU military unit notorious for past destructive operations against critical infrastructure. The attackers deployed webshells through unpatched vulnerabilities, giving them persistent command-and-control access. Their tactics included disabling security features, creating scheduled tasks that dump process memory, and extracting credentials from password stores such as KeePass. This points to a well-planned operation that prioritizes stealth and the systematic collection of sensitive data over prolonged periods of access, a notable evolution in the threat landscape.
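The tactics summarized above (a webshell spawning shells, scheduled tasks used for memory dumps, security tooling being switched off, and KeePass databases being touched) leave traces in process-creation telemetry. The following is an added detection example written for this page, not code from the original article or from the reporting agency. It assumes Sysmon-style process-creation records with parent image, image and command line; the sample events are constructed for illustration, and the specific command-line indicators it keys on (comsvcs.dll MiniDump, procdump, Set-MpPreference -DisableRealtimeMonitoring) are assumptions about how these tactics commonly appear, not details taken from the incident report.

```python
import re
from dataclasses import dataclass

# Constructed sample events in a Sysmon Event ID 1 (process creation) shape.
# Illustrative records for this example only; they are not logs from the incident.
SAMPLE_EVENTS = [
    {"host": "srv-01", "user": "CORP\\svc-web", "parent": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": 'cmd.exe /c schtasks /create /tn "Updater" /sc daily /tr "rundll32.exe C:\\Windows\\System32\\comsvcs.dll, MiniDump 652 C:\\temp\\l.dmp full" /ru SYSTEM'},
    {"host": "srv-01", "user": "CORP\\svc-web", "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell -nop -c Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"host": "ws-17", "user": "CORP\\jdoe", "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Program Files\\KeePass Password Safe 2\\KeePass.exe",
     "cmdline": '"C:\\Program Files\\KeePass Password Safe 2\\KeePass.exe" C:\\Users\\jdoe\\Documents\\vault.kdbx'},
    {"host": "ws-17", "user": "CORP\\svc-web", "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\xcopy.exe",
     "cmdline": "xcopy C:\\Users\\jdoe\\Documents\\vault.kdbx \\\\srv-01\\c$\\temp\\ /y"},
    {"host": "ws-17", "user": "CORP\\jdoe", "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\schtasks.exe",
     "cmdline": 'schtasks /create /tn "Backup" /sc weekly /tr "C:\\Tools\\backup.bat"'},
]

# Assumed indicators (not from the report): how each tactic commonly shows up on the command line.
TASK_CREATE = re.compile(r"\bschtasks(?:\.exe)?\b.*\s/create\b", re.I)
DUMP_INDICATORS = ("comsvcs.dll", "minidump", "procdump", "lsass")
DEFENSE_DISABLE = (
    "disablerealtimemonitoring",
    "sc stop windefend",
    "sc config windefend start=disabled",
    "netsh advfirewall set allprofiles state off",
)
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
WEB_SERVERS = {"w3wp.exe", "httpd.exe", "nginx.exe", "php-cgi.exe"}


@dataclass
class Finding:
    rule: str
    host: str
    user: str
    cmdline: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path (works on any host OS)."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def analyze(events):
    """Run the four heuristics over process-creation events; one event may trigger several."""
    findings = []
    for ev in events:
        cmd = ev["cmdline"]
        low = cmd.lower()
        image = basename(ev["image"])
        parent = basename(ev["parent"])
        # A web server process launching a shell is the classic footprint of a webshell.
        if parent in WEB_SERVERS and image in SHELLS:
            findings.append(Finding("web_server_spawned_shell", ev["host"], ev["user"], cmd))
        # Scheduled task whose action dumps process memory (credential access via LSASS dumps).
        if TASK_CREATE.search(cmd) and any(i in low for i in DUMP_INDICATORS):
            findings.append(Finding("scheduled_task_memory_dump", ev["host"], ev["user"], cmd))
        # Defender / firewall being switched off from the command line.
        if any(i in low for i in DEFENSE_DISABLE):
            findings.append(Finding("security_tooling_disabled", ev["host"], ev["user"], cmd))
        # A KeePass database referenced by anything other than KeePass itself (copy, exfil, cracking).
        if ".kdbx" in low and image != "keepass.exe":
            findings.append(Finding("keepass_database_touched", ev["host"], ev["user"], cmd))
    return findings


def summarize(findings):
    """Per-host triage view: which rules fired on each host, sorted for stable output."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f.host, set()).add(f.rule)
    return {host: sorted(rules) for host, rules in by_host.items()}


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.host} {f.user}: {f.cmdline}")
    print(summarize(SAMPLE_EVENTS and analyze(SAMPLE_EVENTS)))
```

Note that the legitimate KeePass launch and the benign backup task produce no findings, while the webshell-spawned shell on srv-01 fires two rules at once; a host with several of these rules firing in sequence is the pattern worth escalating, since each indicator on its own has benign explanations.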
👉 Read the original: Cyber Security News